AMENDMENTS TO THE CLAIMS

This listing of claims replaces all prior versions and listings of claims in the application.

Listing of Claims

1. (Currently Amended) A method for providing controlled access to a
desired function in a system [[which]] that includes a plurality of functions[[, each
of the plurality of functions having a corresponding key associated therewith]], the method
comprising:

dividing the plurality of functions into a plurality of groups;

assigning a corresponding key to each group;

receiving an access request from an external entity, said access request
including one of the assigned keys;

[[selecting a key corresponding to said desired function;]]

conducting an authentication process [[which includes]] for the external entity, using
[[said selected]] the key received in the access request; and

[[controlling access to said desired function according to a result of said
authentication process]]

upon positively authenticating the external entity, granting the entity access only
to the functions in the group corresponding to the key received in the access request,
while prohibiting access to functions in other groups.



2. (Canceled) 



3. (Original) The method according to claim 1, wherein each of said 
corresponding keys comprises a public key. 

4. (Original) The method according to claim 1, wherein each of said
corresponding keys, an authentication code and codes for said plurality of functions are 
stored in a memory of said system. 

5. (Original) The method according to claim 4, wherein said memory
comprises an internal read-only memory (IROM).

6. (Original) The method according to claim 4, wherein said memory
comprises a one-time programmable part of a non-volatile program memory.

7. (Currently Amended) The method according to claim 1, wherein said step
of conducting an authentication process [[comprises the step of]] includes conducting a
first authentication process [[which includes]] using [[a first selected key]] the key received in
the access request, and wherein said method further [[includes the step of]] comprises
conducting a second authentication process [[which includes]] using a second key, which
is generated using a second key code created during the first authentication process.

8. (Currently Amended) The method according to claim 7, wherein said
second key comprises a session key computed by said system and [[an]] the external
entity seeking access [[to said desired function]].



9. (Currently Amended) The method according to claim 8, wherein said
second authentication process includes comparing said session keys computed by [[said]]
the system and [[said]] the external entity, wherein access to [[said desired function]] the
corresponding group of functions by said entity [[being]] is authorized only if said
compared session keys match.



10. (Original) The method according to claim 8, wherein said second key code 
is created using a random challenge sent to said entity by said system during the first
authentication process. 



11. (Original) The method according to claim 7, wherein said second key is 
stored in a protected static random access memory (PSRAM) of said system. 

12. (Currently Amended) [[The method according to claim 8, wherein said
method further includes the step of]] A method for providing controlled access to a
desired function in a system that includes a plurality of functions, each of the plurality of
functions having a corresponding key associated therewith, the method comprising:

selecting a key corresponding to the desired function;

conducting a first authentication process using the selected key;

conducting a second authentication process using a second key, which is
generated using a second key code created during the first authentication process, said
second key being a session key computed by the system and an entity seeking access
to the desired function;

controlling access to the desired function according to a result of the
authentication process; and

encrypting and decrypting data sent between the entity and the system using the
session key.

13. (Original) The method according to claim 12, wherein an algorithm code
for the encryption and decryption of data is stored in an internal read-only memory 
(IROM) of said system. 



14. (Original) The method according to claim 12, wherein an algorithm code 
for the encryption and decryption of data is stored in a one-time programmable part of a 
non-volatile program memory of said system. 

15. (Original) The method according to claim 12, wherein an algorithm code 
for the encryption and decryption of data is stored in said entity.



16. (Currently Amended) The method according to claim 8, wherein said 
method further includes the step of adding [[MAC]] Message Authentication Code (MAC)
protection for data transmitted between the system and the entity, said MAC protection 
utilizing said session key. 

17. (Original) The method according to claim 16, wherein an algorithm code
for MAC protection is stored in an internal read-only memory (IROM) of said system.

18. (Original) The method according to claim 16, wherein an algorithm code
for MAC protection is stored in a one-time programmable part of a non-volatile program
memory of said system.

19. (Original) The method according to claim 16, wherein an algorithm code
for MAC protection is stored in said entity.

20. (Original) The method according to claim 1, wherein said system
comprises a cellular telephone system. 



21-27. (Canceled) 

28. (Currently Amended) [[The method according to claim 22, wherein said
method further includes the step of]] A method for providing controlled access to a
desired function in a system that includes one or more functions, said method
comprising:

conducting a first authentication process with an external entity using a public
key corresponding to the desired function;

conducting a second authentication process using a private session key, which is
shared by the system and the external entity, and is generated based on a random
challenge made by the system to the external entity during the first authentication
process;

controlling access to the desired function according to a result of the first and
second authentication processes; and

encrypting and decrypting data sent between the external entity and the system
using the private session key.

29. (Original) The method according to claim 28, wherein an algorithm code
for the encryption and decryption of data is stored in an internal read-only memory
(IROM) of said system.

30. (Original) The method according to claim 28, wherein an algorithm code
for the encryption and decryption of data is stored in a one-time programmable part of a
non-volatile program memory of said system.

31. (Original) The method according to claim 28, wherein an algorithm code
for the encryption and decryption of data is stored in said external entity.



32-36. (Canceled) 



37. (Currently Amended) An apparatus for providing controlled access to a
desired function in a system [[which]] that includes a plurality of functions, said apparatus
comprising:

means for dividing the plurality of functions into a plurality of groups;

a memory for storing a plurality of corresponding keys, each key [[corresponding
to one of said plurality of functions; and]] being assigned to a different group of functions;

means for receiving an access request from an external entity, said access
request including one of the assigned keys; and

a processor [[which conducts]] for conducting an authentication process for the
external entity using [[a key of said plurality of keys in said memory which corresponds to
said desired function, and which controls access to said desired function according to a
result of said authentication process]] the key received in the access request, and upon
positively authenticating the external entity, granting the entity access only to the
functions in the group corresponding to the key received in the access request while
prohibiting access to functions in other groups.

38. (Currently Amended) The apparatus according to claim 37, wherein said
plurality of keys [[comprise]] comprises public keys.

39. (Original) The apparatus according to claim 37, wherein said memory
comprises an internal read-only memory (IROM).

40. (Original) The apparatus according to claim 37, wherein said memory
comprises a one-time programmable part of a non-volatile program memory.



41. (Currently Amended) The apparatus according to claim 37, wherein [[said
authentication process comprises]] the processor conducts a first authentication process
using [[a first key]] the key received in the access request and wherein said processor
further conducts a second authentication process using a second key which is
generated using a second key code created during the first authentication process.

42. (Currently Amended) The apparatus according to claim 41, wherein said
second key comprises a shared session key shared by said system and [[an]] the
external entity seeking access [[to said desired function]].

43. (Original) The apparatus according to claim 41, wherein said second key 
is stored in a protected random access memory (PSRAM) of said system. 

44. (Original) The apparatus according to claim 37, wherein said system 
comprises a cellular telephone system. 



45-50. (Canceled) 



51. (New) The method according to claim 1, wherein the plurality of groups of 
functions are of different hierarchical levels, wherein access to a higher level provides 
access to the functions associated with the higher level and to the functions associated
with all lower levels. 

52. (New) The apparatus according to claim 37, wherein the plurality of
groups of functions are of different hierarchical levels, wherein access to a higher level
provides access to the functions associated with the higher level and to the functions
associated with all lower levels.